MediaWiki  master
ApiQueryTokens.php
1 <?php
33 
/**
 * Build the token map for the requested types and add it to the API
 * result under 'query' / this module's name.
 *
 * Security: when lacksSameOriginSecurity() reports that the request breaks
 * the same-origin policy, no token is generated or returned; the caller
 * only receives the 'apiwarn-tokens-origin' warning. Keep that guard ahead
 * of any code that emits a token.
 */
public function execute() {
	$params = $this->extractRequestParams();

	// Refuse before touching the user or the session, so that no token
	// value exists in this request when same-origin protection is missing.
	if ( $this->lacksSameOriginSecurity() ) {
		$this->addWarning( [ 'apiwarn-tokens-origin' ] );
		return;
	}

	// META_TYPE 'assoc' is result metadata, not a token entry.
	$tokens = [
		ApiResult::META_TYPE => 'assoc',
	];

	$currentUser = $this->getUser();
	$currentSession = $this->getRequest()->getSession();
	$saltsByType = self::getTokenTypeSalts();

	// NOTE(review): $saltsByType is indexed without an existence check; this
	// relies on parameter validation limiting 'type' to the keys returned
	// by getTokenTypeSalts() (see getAllowedParams()) - confirm.
	foreach ( $params['type'] as $tokenType ) {
		$tokenObject = self::getToken( $currentUser, $currentSession, $saltsByType[$tokenType] );
		$tokens[$tokenType . 'token'] = $tokenObject->toString();
	}

	$this->getResult()->addValue( 'query', $this->getModuleName(), $tokens );
}
54 
/**
 * Return the map of token type => salt, sorted by type name.
 *
 * The map is built on first use and kept in a function-static variable.
 * A salt is either a string or an array; getToken() in this class sends
 * array salts to the session and string salts to the user's edit token.
 *
 * Security: the 'ApiQueryTokensRegisterTypes' hook receives the map by
 * reference, so handlers can add or replace entries. Every key of the
 * returned map is offered as a value of the 'type' parameter (see
 * getAllowedParams()), which makes a hook-registered type fetchable
 * through this module.
 *
 * @return array Token type => string or array salt
 */
public static function getTokenTypeSalts() {
	static $cachedSalts = null;

	// Truthiness test: null, and also an empty array, leads to a rebuild.
	if ( $cachedSalts ) {
		return $cachedSalts;
	}

	$cachedSalts = [
		'csrf' => '',
		'watch' => 'watch',
		'patrol' => 'patrol',
		'rollback' => 'rollback',
		'userrights' => 'userrights',
		'login' => [ '', 'login' ],
		'createaccount' => [ '', 'createaccount' ],
	];
	Hooks::run( 'ApiQueryTokensRegisterTypes', [ &$cachedSalts ] );
	ksort( $cachedSalts );

	return $cachedSalts;
}
81 
/**
 * Produce the token object for one salt.
 *
 * An array salt is spread into the arguments of $session->getToken(),
 * after $session->persist() has been called. Any other salt is passed to
 * $user->getEditTokenObject() together with the session's request.
 *
 * NOTE(review): persist() presumably makes sure the session that holds the
 * token outlives this request (e.g. for a caller with no session yet) -
 * confirm against the Session class.
 *
 * @param User $user Used for non-array salts only
 * @param MediaWiki\Session\Session $session
 * @param string|array $salt An entry of getTokenTypeSalts()
 * @return object Token object; execute() calls toString() on it
 */
public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
	if ( !is_array( $salt ) ) {
		return $user->getEditTokenObject( $salt, $session->getRequest() );
	}

	$session->persist();
	return $session->getToken( ...$salt );
}
102 
/**
 * Describe the module's single parameter, 'type'.
 *
 * It defaults to 'csrf', accepts multiple values, and its allowed values
 * are the keys of getTokenTypeSalts(). execute() indexes the salt map with
 * these values, so the allowed list and the salt map must stay in step.
 *
 * @return array
 */
public function getAllowedParams() {
	$typeSettings = [
		ApiBase::PARAM_DFLT => 'csrf',
		ApiBase::PARAM_ISMULTI => true,
		ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
	];

	return [
		'type' => $typeSettings,
	];
}
112 
/**
 * Map example query strings to the message keys that describe them.
 *
 * @return array Query string => message key
 */
protected function getExamplesMessages() {
	$examples = [];
	// No 'type' given: the parameter default ('csrf') applies.
	$examples['action=query&meta=tokens'] = 'apihelp-query+tokens-example-simple';
	// Several token types in one request, pipe-separated.
	$examples['action=query&meta=tokens&type=watch|patrol'] = 'apihelp-query+tokens-example-types';

	return $examples;
}
121 
/**
 * Report that this module is not a read-mode module.
 *
 * The stated reason is that login tokens must be fetchable on private
 * wikis.
 *
 * NOTE(review): presumably this exempts the module from the read
 * permission check, which would make it reachable by callers who cannot
 * read the wiki; it should therefore never return wiki content - confirm
 * against ApiBase.
 *
 * @return bool Always false
 */
public function isReadMode() {
	// Login tokens have to be obtainable before the caller can read a private wiki.
	$requiresReadRights = false;
	return $requiresReadRights;
}
126 
/**
 * Return the cache mode for this module's output.
 *
 * The value is 'private' whatever the parameters are. Tokens are derived
 * from the requesting user and session (see getToken()), so a response
 * must not be served to anyone else.
 *
 * NOTE(review): 'private' presumably keeps the response out of shared
 * caches - confirm against the caller that consumes this value.
 *
 * @param array $params Unused
 * @return string Always 'private'
 */
public function getCacheMode( $params ) {
	$mode = 'private';
	return $mode;
}
130 
/**
 * Return the URL of the on-wiki documentation for API tokens.
 *
 * @return string
 */
public function getHelpUrls() {
	$helpUrl = 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
	return $helpUrl;
}
134 }
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below...
Definition: ApiBase.php:94
getResult()
Get the result object.
Definition: ApiBase.php:640
const PARAM_DFLT
(null|boolean|integer|string) Default value of the parameter.
Definition: ApiBase.php:55
This is a base class for all Query modules.
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:568
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user...
Definition: ApiBase.php:761
const META_TYPE
Key for the 'type' metadata item.
Definition: ApiResult.php:110
A helper class for throttling authentication attempts.
The User object encapsulates all of the user-specific settings (user_id, name, rights, email address, options, last login time).
Definition: User.php:51
getCacheMode( $params)
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:4353
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1924
const PARAM_ISMULTI
(boolean) Accept multiple pipe-separated values for this parameter (e.g.
Definition: ApiBase.php:58
Module to fetch tokens via action=query&meta=tokens.
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200